我有一些使用外部 oidc 的 blazor wasm 所以我是这样的: wasm:
builder.Services.AddOidcAuthentication(opt =>
{
opt.ProviderOptions.Authority = "https://xx.yy.pl/auth/realms/corporate";
opt.ProviderOptions.ClientId = "ClienID";
opt.ProviderOptions.DefaultScopes.Add("email");
opt.ProviderOptions.DefaultScopes.Remove("profile");
opt.ProviderOptions.ResponseType = "code";
});
var IHttpServiceClient = builder.Services.AddHttpClient<IBaseHttpService,BaseHttpService>((serviceProvider, client) =>
{
client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress);
});
builder.Services.AddScoped<CustomAuthorizationMessageHandler>();
IHttpServiceClient.AddHttpMessageHandler<CustomAuthorizationMessageHandler>();
CustomAuthorizationMessageHandler 就是简单的
public class CustomAuthorizationMessageHandler:AuthorizationMessageHandler
{
public CustomAuthorizationMessageHandler(IAccessTokenProvider provider , NavigationManager nav) :base(provider, nav)
{
ConfigureHandler(authorizedUrls: new[] { nav.BaseUri });
}
}
现在是服务器 api:(如果我删除这部分,则一切正常
[authorize]
)
builder.Services
.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
options.Authority = "https://xx.yy.pl/auth/realms/corporate";
options.TokenValidationParameters.ValidateAudience = false;
});
builder.Services.AddAuthorization(options =>
{
var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme);
defaultAuthorizationPolicyBuilder = defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
在调试时,这工作得很好——当我登录时,它获取令牌并添加到服务器发送/接收请求中,一切正常
但是当我发布并将其发送到我的 PROD 服务器时 然后所有 api 请求都失败/抛出
Unhandled exception rendering component:
System.Exception
at Web.Client.Core.HttpClients.BaseHttpService.<sendRequest>d__11`1[[Web.Shared.WeatherForecast[], Web.Shared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]].MoveNext()
at Web.Client.Core.HttpClients.BaseHttpService.<Get>d__5`1[[Web.Shared.WeatherForecast[], Web.Shared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]].MoveNext()
at Web.Client.Pages.Learn.FetchData3.OnInitializedAsync()
at Microsoft.AspNetCore.Components.ComponentBase.RunInitAndSetParametersAsync()
at Microsoft.AspNetCore.Components.RenderTree.Renderer.GetErrorHandledTask(Task , ComponentState )
我看到所有请求都以 BadRequest 结束,没有消息也没有内容
我在这里遗漏了什么吗?此配置可能有什么问题? 我看到令牌已正确添加到正文中
请指教 最好的问候
编辑 来自服务器的日志
Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer
Connection ID "14987979565794590827", Request ID "8000006c-0001-d000-b63f-84710c7967bb": An unhandled exception was thrown by the application.
IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler
Exception occurred while processing message.
IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
问题是 API 无法从您的系统内到达授权服务器。如何解决这一切取决于您的配置,但您需要确保您在 opt.ProviderOptions.Authority 中提供的域实际上可以从您的系统中访问。
或者使用不同的 URL/域。
仅仅因为您的浏览器可以访问它,并不意味着它可以从后端访问。